End-of-Shift report
Timeframe: Tuesday 05-11-2013 18:00 - Wednesday 06-11-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Attacks on New Microsoft Zero Day Using Multi-Stage Malware
Attackers exploiting the Microsoft Windows and Office zero day revealed yesterday are using an exploit that includes a malicious RAR file as well as a fake Office document as the lure, and are installing a wide variety of malicious components on newly infected systems. The attacks seen thus far are mainly centered in Pakistan. The...
http://threatpost.com/attacks-on-new-microsoft-zero-day-using-multi-stage-malware/102833
Malicious PDF Analysis Evasion Techniques
In many exploit kits, malicious PDF files are some of the most common threats used to try to infect users with various malicious files. Naturally, security vendors invest in efforts to detect these files properly - and their creators invest in efforts to evade those vendors. Using feedback provided by the Smart Protection Network, we...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XOJob_q_Zag/
Asus fixes serious security vulnerability in WebStorage
The WebStorage client software is one of a number of apps that Asus installs on its Android devices at the factory. heise netze had uncovered an implementation error during routine checks.
http://www.heise.de/security/meldung/Asus-fixt-schwerwiegende-Sicherheitsluecke-in-WebStorage-2040583.html
Google Bots Doing SQL Injection Attacks
One of the things we have to be very sensitive about when writing rules for our CloudProxy Website Firewall is to never block any major search engine bot (i.e., Google, Bing, Yahoo, etc.). To date, we've been pretty good about this, but every now and then you come across unique scenarios like the one in this post that make you scratch your head and think: what if a legitimate search engine bot was being used to attack the site? Should we still allow the attack to go through?
http://blog.sucuri.net/2013/11/google-bots-doing-sql-injection-attacks.html
Security Bulletin: IBM Sterling Certificate Wizard Shared Memory Permission Vulnerability (CVE-2013-1500)
The IBM Sterling Certificate Wizard is susceptible to a shared memory permission vulnerability. CVE(s): CVE-2013-1500. Affected product(s) and affected version(s): IBM Sterling Certificate Wizard: 1.3, 1.4.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sterling_certificate_wizard_shared_memory_permission_vulnerability_cve_2013_1500?lang=en_us
Security Bulletin: Potential security vulnerability exists in the IBM Java SDK's TLS implementation that is shipped with Tivoli Netcool/OMNIbus Web GUI (CVE-2012-5081)
The JDK's TLS implementation does not strictly check the TLS vector length as set out in the latest RFC 5246. CVE(s): CVE-2012-5081. Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus Web GUI: 7.3.0, 7.3.1, 7.4.0.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerability_exist_in_the_ibm_java_sdk_s_tls_implementation_that_is_shipped_with_tivoli_netcool_omnibus_web_gui_cve_2012_5081?lang=en_us
Security Bulletin: IBM Sterling Connect:Enterprise Secure Client Shared Memory Permission Vulnerability (CVE-2013-1500)
The IBM Sterling Connect:Enterprise Secure Client is susceptible to a shared memory permission vulnerability. CVE(s): CVE-2013-1500. Affected product(s) and affected version(s): IBM Sterling Secure Client: 1.3, 1.4.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sterling_connect_enterprise_secure_client_shared_memory_permission_vulnerability_cve_2013_1500?lang=en_us
Vivotek IP Cameras RTSP Authentication Bypass
Topic: Vivotek IP Cameras RTSP Authentication Bypass. Risk: High. Text: Core Security - Corelabs Advisory (http://corelabs.coresecurity.com), Vivotek IP Cameras RTSP Authentication Bypass, 1. *A...
http://cxsecurity.com/issue/WLB-2013110038
Bugtraq: Open-Xchange Security Advisory 2013-11-06
http://www.securityfocus.com/archive/1/529635
Kerberos Multi-realm KDC NULL Pointer Dereference Denial of Service Vulnerability
https://secunia.com/advisories/55588
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-sip
Cisco WAAS Mobile Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm
Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-tvxca
Tweetbot for Mac / for iOS Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/55462
Arbor Peakflow X Security Bypass and Cross-Site Scripting Vulnerabilities
https://secunia.com/advisories/55536